diff --git a/en_US/overview/0-network.ports.md b/en_US/overview/0-network.ports.md index 5696af74..b741ae7b 100644 --- a/en_US/overview/0-network.ports.md +++ b/en_US/overview/0-network.ports.md 
@@ -1,66 +1,28 @@ # Which network ports are open by iRedMail -[TOC] - -## SMTP (Postfix) - -* 25: normal smtp port, used for server-to-server communication. -* 587: Submission (SMTP over TLS), used for mail clients to send email. -* 465: smtps (SMTP over SSL). Deprecated, and disabled by default, please use - port 587 instead. - -## POP3/IMAP (Dovecot) - -* 110: POP3 service, insecure connection. Supports STARTTLS for secure connection. -* 995: POP3S (Secure POP3 over SSL). Deprecated, recommended to use port 110 with STARTTLS. -* 143: IMAP service, insecure connection. Supports STARTTLS for secure connection. -* 993: IMAPS (Secure IMAP over SSL). Deprecated, recommended to use port 143 with STARTTLS. -* 4190: managesieve service. (Refuse connections from external network in iptables by default). Note: in old iRedMail releases, it's port 2000, it's deprecated and not even listed in `/etc/services` file. - -## Web server (Apache or Nginx) - -* 80: normal web service port -* 443: HTTPS (http over SSL, secure connection) - -SOGo groupware provides Exchange ActiveSync (EAS) support through port 443. - -## MySQL - -* 3306: default listen port. Listening on IP address `127.0.0.1` by default. - -## PostgreSQL - -* 5432: default listen port. Listening on IP address `127.0.0.1` by default. - -## OpenLDAP - -* 389: normal LDAP port, supports STARTTLS for secure connection. -* 636: LDAP over SSL. Deprecated, recommended to use port 387 with STARTTLS for - secure connection. - -Listening on all available network interfaces by default, but access from -external network is blocked by firewall (iptables, pf). - -## Amavisd-new - -* 10024: port used for inbound messages, includes spam/virus scanning, DKIM - verification, applying spam policy. -* 10026: port used for outbound messages, includes spam/virus scanning, DKIM - signing, apply spam policy. -* 9998: port used to manage quarantined emails. - -All ports are listening on `127.0.0.1` by default. 
- -## iRedAPD (Postfix policy server) - -* 7777: default listen port. Listening on IP address `127.0.0.1` by default, - offers greylisting, whitelisting, blacklists, throttling, and other features. - -## Policyd or Cluebringer (Postfix policy server) +Port | Service | Software | Comment | Allow Public Access? +--- |--- |--- |--- |--- +25 | smtp | Postfix | Normal smtp service, used for server-to-server communication. | YES +587 | submission | Postfix | a.k.a. SMTP over TLS. Used by end users to send/submit email. | YES (open to your end users) +465 | smtps | Postfix | a.k.a. SMTP over SSL. Deprecated and disabled by default, please use port 587 instead. | YES (open to your end users) +110 | pop3 | Dovecot | Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default. | YES (open to your end users) +995 | pop3s | Dovecot | Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended. | YES (open to your rend users) +143 | imap |Dovecot | Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default. | YES (open to your end users) +993 | imaps | Dovecot | Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended. | YES (open to your rend users) +4190 | managesieve | Dovecot | Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in `/etc/services` file). | YES (open to your end users, or disabled and force users to manage mail filters with webmail) +80 | http | Apache/Nginx | Web service | YES (open to your webmail users) +443 | https | Apache/Nginx | Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443. 
| YES (open to your webmail users) +3306 | mysql | MySQL/MariaDB | MySQL/MariaDB database service | NO (listen on `127.0.0.1` by default) +5432 | postgresql | PostgreSQL | PostgreSQL database service | NO (listen on `127.0.0.1` by default) +389 | ldap | OpenLDAP (or OpenBSD ldapd) | LDAP service, STARTTLS is available for secure connection. | NO (listen on `127.0.0.1` by default) +636 |ldaps | OpenLDAP (or OpenBSD ldapd) | LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended. | NO (listen on `127.0.0.1` by default) +10024 | | Amavisd-new | Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy. | NO (listen on `127.0.0.1` by default) +10026 | | Amavisd-new | Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy. | NO (listen on `127.0.0.1` by default) +9998 | | Amavisd-new | Used to manage quarantined emails. | NO (listen on `127.0.0.1` by default) +7777 | | iRedAPD | Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc | NO (listen on `127.0.0.1` by default) !!! note - Policyd and Cluebringer were removed since iRedMail-0.9.3, they're replaced - by iRedAPD. - -* 10031: default listen port. Listening on IP address `127.0.0.1` by default. + In iRedMail-0.9.2 and earlier releases, Policyd or Cluebringer listens on + port 10031. They have been removed in iRedMail-0.9.3, and replaced by + iRedAPD. diff --git a/html/network.ports.html b/html/network.ports.html index 558ed970..e7dd8c8e 100644 --- a/html/network.ports.html +++ b/html/network.ports.html @@ -16,82 +16,151 @@ iRedMail // Document Index
/etc/services
file.SOGo groupware provides Exchange ActiveSync (EAS) support through port 443.
-127.0.0.1
by default.127.0.0.1
by default.Listening on all available network interfaces by default, but access from -external network is blocked by firewall (iptables, pf).
-All ports are listening on 127.0.0.1
by default.
127.0.0.1
by default,
- offers greylisting, whitelisting, blacklists, throttling, and other features.Port | +Service | +Software | +Comment | +Allow Public Access? | +
---|---|---|---|---|
25 | +smtp | +Postfix | +Normal smtp service, used for server-to-server communication. | +YES | +
587 | +submission | +Postfix | +a.k.a. SMTP over TLS. Used by end users to send/submit email. | +YES (open to your end users) | +
465 | +smtps | +Postfix | +a.k.a. SMTP over SSL. Deprecated and disabled by default, please use port 587 instead. | +YES (open to your end users) | +
110 | +pop3 | +Dovecot | +Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is available by default. | +YES (open to your end users) | +
995 | +pop3s | +Dovecot | +Used by end users to restrieve emails via POP3 protocol over SSL. Port 110 with STARTTLS is recommended. | +YES (open to your rend users) | +
143 | +imap | +Dovecot | +Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is available by default. | +YES (open to your end users) | +
993 | +imaps | +Dovecot | +Used by end users to restrieve emails via IMAP protocol over SSL. Port 143 with STARTTLS is recommended. | +YES (open to your rend users) | +
4190 | +managesieve | +Dovecot | +Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in /etc/services file). |
+YES (open to your end users, or disabled and force users to manage mail filters with webmail) | +
80 | +http | +Apache/Nginx | +Web service | +YES (open to your webmail users) | +
443 | +https | +Apache/Nginx | +Web service over over SSL, secure connection. SOGo groupware provides Exchange ActiveSync (EAS) support through port 443. | +YES (open to your webmail users) | +
3306 | +mysql | +MySQL/MariaDB | +MySQL/MariaDB database service | +NO (listen on 127.0.0.1 by default) |
+
5432 | +postgresql | +PostgreSQL | +PostgreSQL database service | +NO (listen on 127.0.0.1 by default) |
+
389 | +ldap | +OpenLDAP (or OpenBSD ldapd) | +LDAP service, STARTTLS is available for secure connection. | +NO (listen on 127.0.0.1 by default) |
+
636 | +ldaps | +OpenLDAP (or OpenBSD ldapd) | +LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended. | +NO (listen on 127.0.0.1 by default) |
+
10024 | ++ | Amavisd-new | +Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy. | +NO (listen on 127.0.0.1 by default) |
+
10026 | ++ | Amavisd-new | +Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy. | +NO (listen on 127.0.0.1 by default) |
+
9998 | ++ | Amavisd-new | +Used to manage quarantined emails. | +NO (listen on 127.0.0.1 by default) |
+
7777 | ++ | iRedAPD | +Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc | +NO (listen on 127.0.0.1 by default) |
+
Note
-Policyd and Cluebringer were removed since iRedMail-0.9.3, they're replaced -by iRedAPD.
-127.0.0.1
by default.
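Review bot: in the `en_US/overview/0-network.ports.md` hunk, the new rows for 389 and 636 say "NO (listen on `127.0.0.1` by default)", but the OpenLDAP section being removed said the service listens on all available network interfaces and is only blocked from external networks by the firewall (iptables, pf). Unless the default bind address changed in the same release, these two rows should keep the old wording. As written, an admin who replaces or flushes the firewall rules would believe LDAP is loopback-only when it is not. Two other rows lose similar information. For 4190, the removed text said external connections are refused in iptables by default, while the new cell reads "YES (open to your end users, ...)" with no mention of that default. For 465, the row is described as "disabled by default" yet marked "YES (open to your end users)". Stating the shipped default in the last column for both would remove the ambiguity. Typos to fix while here: "restrieve" (rows 995 and 993), "rend users" (same rows), and "over over SSL" (row 443).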
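Review bot: the `html/network.ports.html` hunk carries the same table text as the Markdown source, so the points raised there reach the published page unchanged: the "restrieve", "rend users" and "over over SSL" typos, and the 389/636 rows marked as listening on 127.0.0.1. Please correct the `.md` file and regenerate this file from it rather than editing the HTML separately, so the two copies cannot drift. The Service cell is also empty for 10024, 10026, 9998 and 7777. If that is intentional, a placeholder such as "n/a" would make it clear in the rendered table that nothing was dropped.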